Re: Password Expiration but GPO not in effect.

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: "Danny Sanders" <DSanders@xxxxxxxxxxxxxxx>
Date: Wed, 18 Oct 2006 11:31:49 -0600

Account policies are one to a domain. A password policy applied at the OU
level will only take affect when logging on locally.

You need to set your password policy at the domain level.

FYI
If you have resources on your domain sensitive enough to require a "strong"
password policy, setting up some accounts without a strong password policy
amounts to you creating a security hole.

Differing account polices is one reason to create a second domain.

hth
DDS
"AlpsAuto" <AlpsAuto@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5DB752D4-5D61-4B67-ACAA-81ED14F6CE9A@xxxxxxxxxxxxxxxx

W2K3 SP1, OU's have been setup to reflect the organisation. Password
policy
created and linked to each OU on a different day for rollout. However some
user's passwords are being expired before the roll-out of the Password
Policy
GP. GP has not been linked yet and the default domain policy was not
altered
for password changes. Any thoughts???

Prev by Date: Trust between Domains Question
Next by Date: Re: Security log get overwritten, log size less than max litmit
Previous by thread: Trust between Domains Question
Next by thread: Re: Password Expiration but GPO not in effect.
Index(es):
- Date
- Thread

Relevant Pages

Re: Password expires for no apparent reason
... go to the server and run rsop.msc and check your password policy, ... expires' is set for each user. ... the minimum password age is there to prevent users from blowing ... As Harj said Account lockouts could potentially be a problem as perhaps the ...
(microsoft.public.windows.server.active_directory)
Re: Problems testiing GPO for password complexity on OU before changing default domain policy
... Account policies are only read at the domain level and you can only have one ... apply to the local machine account policy. ... The complex password policy is applied when I logon to the local machine but not when I logon with a domain user which is a member of the OU and security group within that OU. ...
(microsoft.public.win2000.active_directory)
Re: Valid password characters
... A good password policy should be combined with a good user name ditto. ... whereby an account would be disabled after a certain of unsuccessful ... The attack on this type of protection will not be a frontal attack ... without even the implied warranty of merchantability ...
(microsoft.public.inetserver.asp.db)
Re: Password Policy for remote users
... There is only one password policy per domain or per machine. ... accounts, and this or the highest priority GPO setting account policies ... Change remote users passowrd to more complex. ...
(microsoft.public.security)
password change problem
... top and want this password policy accross the domain. ... At first, all was fine, my users could ctrl-alt-delete ... change the password for the domain adminstrator account ... change and next log in, no problem works fine, just cant ...
(microsoft.public.windows.group_policy)